Emotet, one of the most dangerous email spam botnets in recent history, is being wiped out today from all infected devices with the help of a malware module delivered in January by law enforcement. The botnet's takedown is the result of an international law enforcement action that allowed investigators to take control of the Emotet's servers and disrupt the malware's operation.
This specifically designed malware code forced the Emotet to self-destruct on Sunday, April 25. The code was distributed at the end of January to Emotet-infected computers by the malware's command-and-control (C2) infrastructure, which had just been seized in an international law enforcement operation.
After the takedown operation, law enforcement pushed a new configuration to active Emotet infections so that the malware would begin to use command and control servers controlled by the Bundeskriminalamt, Germany's federal police agency. Law enforcement then distributed a new Emotet module in the form of a 32-bit EmotetLoader.dll to all infected systems that automatically uninstalled the malware on Sunday.
“The EmotetLoader.dll is a 32-bit DLL responsible for removing the malware from all infected computers. This will ensure that all services related to Emotet will be deleted, the run key in the Windows registry is removed – so that no more Emotet modules are started automatically – and all running Emotet processes are terminated,” Mariya Grozdanova, a threat intelligence analyst at Redscan, stated.
Emotet was particularly nasty in that it spread mainly via malicious attachments in spam emails, and once installed, could bring in additional malware: infected machines were rented out to crooks to install things like ransomware and code that drained victims' online bank accounts. Computer security biz Digital S ..
Support the originator by clicking the read the rest link below.
